问题
Does the Android Keystore make use of the Trusted Execution Environment (TEE) and Secure Element (SE) automatically if it is available? Or are any further steps required?
回答1:
Generally yes.
There is no requirement for the Keystore to be hardware backed on all device, but if it is hardware backed and if that is by a TEE (the common case) then it will be used whenever Keystore backed keys are used.
See the current CDD document for requirements around this. Section 9.11. Keys and Credentials
You may also find this answer interesting, as it talks about the keymaster & TEE implementations.
来源:https://stackoverflow.com/questions/39957052/does-the-android-keystore-make-use-of-the-trusted-execution-environment-tee-an